User Tools

Site Tools



Status: Dead and archived for posterity. It might come dead for a v2. Ask q3k.

q3k's pipedream of an intra-Hackerspace (and not only) alternate IP network, based on point-to-point links and BGP. Currently centered around the Warsaw Hackerspace.


  • Secure links over the public internet or private links
  • BGP with 32-bit AS names
    • RFC1918 10/8 allowed
    • might allow longer IPv4 prefixes than /24
    • need to find a crypto system for allowing ASses and prefixes to be announced - right now, we are as secure as the Internet is (not much)

Number Assignement

Currently, there is one assignment authority, and that is the Warsaw Hackerspace. For assignment, please contact


We use the 32-bit private ASN numbering scheme, as defined by RFC6996. Each system that is part of the WAN must have an AS number assigned.

ASN OrgName PoC Physical presence Willing to peer physically?
4242424242 Warsaw Hackerspace Warsaw, ul. Wolność 2A Yes. Radio within LoS
4250000001 q3knet Garching, Bayern, Germany Maybe? Freifunk MUC?
4250000002 Hackerspace Krakow Cracow, Zacisze 5/P1 Probably ;)
4250000003 Dragon Sector n/a (Internet) No.
4250000004 Nibylandia Warsaw, ul. ?
4250000005 _lambdarail_ Warsaw, ul. Jaktorowska
4250000006 pidpawel Kraków, Ruczaj Yes.
4242422001 buka Warsaw
4250000008 dfgg Bydgoszcz Currently no.
4250000009 archnet on demand via q3k@hspl Warsaw
4250000010 hskrk-mciancia Kraków
4250000011 aquila Jelenia Góra
4250000012 googlecloud THE CLOUD
4250000013 tog Blackpitts, Dublin Yes.
4250000014 hskrk-wiktor Kraków, ul. Kluzeka sure, will try mesh soon
4250000015 tkd Kallang Road, Singapore No.
4250000016 hskrk-alwaro Kraków
4250000017 Warsaw, ul. Wolność 2A Yes.
4250000018 hsldz Łódź
4250000019 hswro Wrocław yup
4250000020 hskrk-zagura

IPv4 Addresses

We use the 24-bit RFC1918 pool. When we run out, we'll figure out what to do. Bear in mind, a location can use IPv4 outside this pool (or overlapping), but they will need to be NATted.

Prefix OrgName NetName Warsaw Hackerspace hswawnet01 Hakerspace Krakow hskrknet01 Dragon Sector dsnet01 hsldz hsldz01 dfgg hurrdurr01 pidpawel pidnet01 Nibylandia nbland01 Nibylandia nbland02 Nibylandia nbland03 _lamdarail_ lbrail01 archnet archnet01 googlecloud googlecloud-euwest1 googlecloud googlecloud-uscentral1 hskrk hskrk-members hskrk-wiktor hskrk-wiktor hskrk-mciancia hskrk-mciancia hskrk-alwaro hskrk-alwaro hskrk-zagura hskrk-zagura hswro hswro01 tog tog01 tkd xibalba q3knet q3knet01 q3knet q3knet02 q3knet q3knet03 BUKA BUKA-HSWAN-NET aquila aquila01 fss00 BUKA BUKA-DN42-NET

IPv6 Addresses

We need to figure this out soon.

Security Implications

Since we base off the technology stack of the Internet, security is mostly by trust. This means that, if you join hswan, you should take precautions by securing your local network. Remember to:

  • Make sure to only expose services that you would feel comfortable with being directly on the Internet, so
    • Statefully firewall off access to your guests' machines (laptops, phones…)
    • Keep your network device management interfaces away from the WAN completely
  • Filter incoming BGP prefixes against injection of your own address space and 0/0
  • Not really rely on the confidentiality of a link to another site (use end-to-end encryption)
  • Whitelist, not blacklist everything

With these precautions in place you should be able to experience the fun of having a world-wide Hackerspace WAN without putting your network in danger

How to join

  • Get an ASN and IPv4 network assigned
  • Find a party to peer with
    • If interested in a physical link, find one with a physical presence nearby
    • If interested in a virtual link, find whomever you can trust and who will trust you
  • Establish connectivity, notify Warsaw Hackerspace ops.

How to give someone access

  • Please notify Warsaw Hackerspace ops that you will be setting up a link with third parties
  • Make sure to only give access to parties that you can trust
  • Allowing propagation of hijacked prefixes and ASN announcements are ground for automatic termination of connectivity

Compared to ChaosVPN

q3k does not really enjoy the idea of being locked into one piece of software. Everything speaks BGP, and the physical link choice is left for the peers to decide (OpenVPN/IPSec/ATM/MPLS/CAT6/Fiber/Radio…).

Also, hswan is more fun and less secure.

Compared to dn42

Same concept - hswan was conjured up before q3k was aware of dn42.

hswan is also compatible with the HSWAW address space and has more blocks available… for now.

hswan @ hswaw

You are free to use the following services:

  • DNS for
  • NAS (for access talk to our BOsFH):
  • Our private cloud / virtualization service (register an account with our BOsFH first)
  • A Minecraft server managed by elia:

If you are @HSWAW, you are in HSWAN! Your laptop is statefully firewalled (only outgoing connections are allowed), don't worry. Additionally, if you host anything in our Lab, it will be accessible to people from the WAN.

„pictures of hswan”


  • 15:49 < dfgg> oto moja koncowka hswanu xD
  • 15:49 < q3k> quality xD


Lackrack. Seal of approval included.

projects/hswan.txt · Last modified: 2023/11/08 20:44 by wiktor

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki